Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3175
Views
0
Helpful
6
Replies

Cisco Catalyst 3560 as gateway to Internet, please help

liangweiqiang
Level 1
Level 1

‎03-09-2016 11:45 PM - edited ‎03-08-2019 04:54 AM

Dear all, please help for configuring Cisco Catalyst 3560 as gateway for multiple VLANs to access Internet. There are many classrooms in our school so I like to set a VLAN to every classroom. My configuration was as following:

ip dhcp excluded-address 172.23.20.1 172.23.20.10
ip dhcp excluded-address 172.23.20.250 172.23.20.254

ip dhcp pool LAN20Pool
 network 172.23.20.0 255.255.255.0
 default-router 172.23.20.1
 dns-server 8.8.8.8

interface FastEthernet0/20
 switchport access vlan 20
 switchport mode access

interface FastEthernet0/24
 no switchport
 ip address dhcp

ip routing

ip route 0.0.0.0 0.0.0.0 10.0.0.1

interface Vlan20
 ip address 172.23.20.1 255.255.255.0

The port f0/24 is connecting to a Linksys wireless router (IP address 10.0.0.1) with ADSL connection to Internet.

The port f0/20 is connecting to a PCs.

From 3560 switch, I could ping to ADSL router (10.0.0.1),

as well as to Internet such as www.yahoo.com

From a PC, the IP address is obtained properly:

From PC can ping to SVI (VLAN gateway) 172.23.20.1, but not the upper gateway (ADSL router, 10.0.0.1):

Here is the route print from PC:

Why from switch can ping to Internet but from PC could not? Please help for this issue. Thank you very much.

:-

Labels:
0 Helpful
6 Replies 6

Mark Malone
VIP Alumni
VIP Alumni

‎03-10-2016 05:11 AM

Just make it layer 2 remove ip route and just use default gateway of 10.0.0.1 , remove the SVI 20 vlan interface and just trunk between the 3560 and Linksys router and allow all vlans , I think the pc is stopping as its hitting the svi , that should work then , make sure the vlans exist on both devices at layer 2 and just let the Lynksys do the routing or move the vlan 20 interface off the 3650 to the Lynksys or use an igp between the devices if routing

0 Helpful

liangweiqiang
Level 1
Level 1
In response to Mark Malone

‎03-10-2016 05:32 PM

Thank you very much. In my school there are about 40-50 PCs running Windows 8/10 in every classroom. Every classroom the student PCs generate huge traffic to main school network. So I want to use VLAN to separate traffic for each classroom to improve performance and will apply security control based on VLAN.
From your reply, now my understanding is, the frames from PC to f0/20 port is tagged with VID 20. But f0/24 port to Linksys router is a normal routed port without 802.1q or trunk supported. If I keep VLAN in place, what to configure on 3560 switch or on Linksys WRT310N to get them work together?

Or, could you please advise me how to adjust our school network? We have a fiber connection to ISP and share this connection to 20+ classrooms and staff. I want to separate and control classroom traffic ans staff traffic.

0 Helpful

pwwiddicombe
Level 4
Level 4

‎03-10-2016 05:51 AM

We don't have any information on the Internet connection, but likely it doesn't know about the "internal" addresses in your classroom vlans.  How does the internet gateway you have get a packet back to 172.23.20.1?  It will, on the other hand, know about the 10.0.0.x addresses, as it's locally configured on the router.

The conventional way of overcoming this is to use NAT, so that the internal addresses in 172.23...  are presented to the internet connection as ports of 10.0.0.1; which the gateway knows about.  However, it is probably already doing it's own NAT translation to the internet, as the 10.0.0.0 address space isn't supposed to be routed on the Internet.

0 Helpful

liangweiqiang
Level 1
Level 1
In response to pwwiddicombe

‎03-10-2016 05:03 PM

Thank you very much. Actually I haved configured the setting on Packet Tracer and worked. In packet tracer I used a 2811 router as gateway and setting "ip route 172.23.0.0 255.255.0.0 10.0.0.2" to route traffic back to my VLANs.

The Linksys router WRT310N is working as a normal NAT + DHCP router. When connecting PCs to Linksys router, all can connect to Internet properly.

In 3560 switch, inter-VLAN routing is fine. From your reply, now my understanding is, I might need to translate packets from 172.23.0.0 to 10.0.0.0 so the Linksys router can NAT & forward to Internet? Can I configure NAT on 3560 switch to translate packets between 172.23.0.0 and 10.0.0.0 networks? (The google search result is NO NAT support in 3560 switch!!!) Or what can I configure on Linksys WRT310N, for example change IP address to 172.23.?.?, to allow traffic from VLANs to Internet?

0 Helpful

liangweiqiang
Level 1
Level 1

‎03-13-2016 04:01 PM

With guide and help from pwwiddicombe and mark malone, now I changed the topology as following, just add a router 1941 doing NAT between classroom subnets (VLANs) and the Linksys wireless router.

Configure router 1941 with PAT.

Worked in packet tracer and then placed all configurations into 3560 switch and 1941 router. Tested and now all PCs from different VLANs could access Internet.

Thank you all for guide and support.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to liangweiqiang

‎03-13-2016 07:41 PM

Thank you for posting back to the forum to tell us how you have changed your environment based on suggestions from the forum and for letting us know that this new environment does work. That is good to know.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents